Methods that precisely compensate for propagation distortion using pilot symbols are widely used in mobile communications. We describe such a pilot-symbol-assisted technique for precise compensation of flat fading and frequency offset. This technique provides a wide range of offset compensation. Conventional methods using fast Fourier transform (FFT) compensate for both slow and fast fading, but their tolerable range of frequency offset is very limited. By composing a system with an approximate frequency estimator, we can estimate and compensate for fading and a large frequency offset at the same time. The estimation and compensation are carried out by periodic pilot symbols and no other index sequences are needed. This method enables high-data-rate transmission. We describe the method and provide a theoretical analysis for the compensable range of fading and frequency offset for a transmission frame structure with pilot symbols. Then, we evaluate the method by computer simulation.

In this paper authorization-limited transformation-free proxy cryptosystems (AL-TFP systems) are studied. It is a modification of the original proxy cryptosystem introduced by Mambo et al.[8] in which a ciphertext transformation by the original decryptor is necessary, and also a modification of the delegated decryption system proposed by Mu et al.[10]. In both systems proposed in [8] and [10], the original decryptors have to trust their proxies completely. The AL-TFP system allows the proxy decryptor to do decryption directly without any ciphertext transformation from the original decryptor, so that it can release the original decryptor more efficiently from a large amount of decrypting operations. Moreover, the original decryptor's privacy can be protected efficiently because the authority of proxy decryptor is limited to his duty and valid period. An active identity-based and a directory-based AL-TFP systems from pairings are proposed. Furthermore, an application of directory-based AL-TFP system to electronic commerce is also described. The securities of our schemes introduced are based on the BDH assumption.

Computer viruses, hackers, intrusions and ther computer crimes have recently become a serious security problem in information systems. Digital signatures are useful to defend against these threats, especially against computer viruses. This is because a modification of a file can be detected by checking the consistency of the originai file with its accompanying digital signature. But an executable program might have been infected with the viruses before the signature was created. In this case, the infection cannot be detected by signature verification and the origin of the infection cannot be specified either. In this paper, we propose a signature scheme in which one can sign right after the creation of an executable program. That is, when a user compiles a source program, the compiler automatically creates both the executable program and its signature. Thus viruses cannot infect the executable programs without detection. Moreover, we can specify the creator of contaminated executable programs. In our signature scheme, a signature is created from a set of secret integers stored in a compiler, which is calculated from a compiler-maker's secret key. Each compiler is possessed by only one user and it is used only when a secret value is fed into it. In this way a signature of an executable program and the compiler-owner are linked to each other. Despite these measures, an executable program could run abnormally because of an infection in prepro-cessing step, e.g. an infection of library files or included files. An infection of these files is detected by ordinary digital signatures. The proposed signature scheme together with digital signature against infection in the preprocessing step enables us to specify the origin of the infection. The name of the signature creator is not necessary for detecting an infection. So, an owner's public value is not searched in our scheme, and only a public value of a compiler-maker is required for signature verification. Furthermore, no one can use a compiler owned by another to create a proper signature.

In this paper a new type of public-key cryptosystem, proxy cryptosystem, is studied. The proxy cryptosystem allows an original decryptor to transform its ciphertext to a ciphertext for a designated decryptor, proxy decryptor. Once the ciphertext transformation is executed, the proxy decryptor can compute a plaintext in place of the original decryptor. Such a cryptosystem is very useful when an entity has to deal with large amount of decrypting operation. The entity can actually speed-up the decrypting operation by authorizing multiple proxy decyptors. Concrete proxy cryptosystems are constructed for the ElGamal cryptosystem and the RSA cryptosystem. A straightforward construction of the proxy cryptosystem is given as follows. The original decryptor decrypts its ciphertext and re-encrypts an obtained plaintext under a designated proxy decryptor's public key. Then the designated proxy decryptor can read the plaintext. Our constructions are more efficient than such consecutive execution of decryption and re-encryption. Especially, the computational work done by the original decryptor is reduced in the proxy cryptosystems.

Sensor networks, in which many small terminals are wirelessly connected, have recently received considerable interest according to the development of wireless technology and electronic circuit. To provide advanced applications and services by the sensor networks, data collection including node location is essential. Hence the location estimation is important and many localization schemes have been proposed. Time of arrival (TOA) localization is one of the popular schemes because of its high estimation accuracy in ultra wide-band (UWB) sensor networks. However, a non-line-of-sight (NLOS) environment between the target and the anchor nodes causes a serious estimation error because the time is delayed more than its true one. Thus, the NLOS nodes should be detected and eliminated for estimation. As a well-known NLOS detection scheme, an iterative minimum residual (IMR) scheme which has low calculation complexity is used for detection. However, the detection error exists in IMR scheme due to the measurement error. Therefore, in this paper, we propose a new IMR-based NLOS detection scheme and show its performance improvement by computer simulations.

In recent years, there has been significant interest in information-theoretic security techniques that encrypt physical layer signals. We have proposed chaos modulation, which has both physical layer security and channel coding gain, as one such technique. In the chaos modulation method, the channel coding gain can be increased using a turbo mechanism that exchanges the log-likelihood ratio (LLR) with an external concatenated code using the max-log approximation. However, chaos modulation, which is a type of Gaussian modulation, does not use fixed mapping, and the distance between signal points is not constant; therefore, the accuracy of the max-log approximated LLR degrades under poor channel conditions. As a result, conventional methods suffer from performance degradation owing to error propagation in turbo decoding. Therefore, in this paper, we propose a new LLR clipping method that can be optimally applied to chaos modulation by limiting the confidence level of LLR and suppressing error propagation. For effective clipping on chaos modulation that does not have fixed mappings, the average confidence value is obtained from the extrinsic LLR calculated from the demodulator and decoder, and clipping is performed based on this value, either in the demodulator or the decoder. Numerical results indicated that the proposed method achieves the same performance as the one using the exact LLR, which requires complicated calculations. Furthermore, the security feature of the proposed system is evaluated, and we observe that sufficient security is provided.

We propose a novel channel model of satellite-to-ground optical transmission to achieve a global-scale high-capacity communication network. In addition, we compose an effective channel coding scheme based on low-density generator matrix (LDGM) code suitable for that channel. Because the first successful optical satellite communication demonstrations are quite recent, no practical channel model has been introduced. We analyze the results of optical transmission experiments between ground station and the Optical Inter-orbit Communications Engineering Test Satellite (OICETS) performed by NICT and JAXA in 2008 and propose a new Markov-based practical channel model. Furthermore, using this model we design an effective long erasure code (LEC) based on LDGM to achieve high-quality wireless optical transmissions.

Broadcasting with secrecy of messages is important in a situation such as pay television. In pay television only a broadcasting station broadcasts a message. On the other hand, broadcast communication is also important. Broadcast communication means any user in a whole group can broadcast a message to any subset of the group. In this paper the efficiency of secure broadcast communication is discussed in terms of the length of messages sent and the encryption speed. We prove that the length of the broadcast messages is not kept less than O(n), where n is the number of receivers, when a broadcast system has a form of a single system which is defined as the generalized form of an individual key method and a master key method. In contrast, the proposed secure broadcast communication method, a multi-dimension method, keeps the length of messages sent O(mmn), where m is the number of the dimension used in the multi-dimension method. At the same time the encryption speed was reduced from O(n(log(n+C2)+C3)) of the master key method to O(mn(logmn+C1)) of the multi-dimension method.

Cryptographic protocols enable participating parties to compute any function of their inputs without leaking any information beyond the output. A card-based protocol is a cryptographic protocol implemented by physical cards. In this paper, for constructing protocols with small numbers of shuffles, we introduce a new type of cards, regular polygon cards, and a new protocol, oblivious conversion. Using our cards, we construct an addition protocol on non-binary inputs with only one shuffle and two cards. Furthermore, using our oblivious conversion protocol, we construct the first protocol for general functions in which the number of shuffles is linear in the number of inputs.

In this letter, an NB RCP LDPC (Non-Binary Rate-Compatible-Punctured Low Density Parity Check) code has been designed over the extended Galois Field. The designed code enables us to change the code rate easily by properly puncturing the appropriate symbols from the LDPC mother code. The designed NB RCP LDPC code has been applied to the Type II HARQ (Hybrid Automatic Repeat reQuest) scheme using OFDM (Orthogonal Frequency Division Multiplexing) modulation. The throughput characteristics of the proposed HARQ scheme are evaluated through computation simulation.

To meet the increasing demand to expand wavelength division multiplexing (WDM) transmission capacity, ultrahigh spectral density coherent optical transmission employing multi-level modulation formats has attracted a lot of attention. In particular, ultrahigh multi-level quadrature amplitude modulation (QAM) has an enormous advantage as regards expanding the spectral efficiency to 10 bit/s/Hz and even approaching the Shannon limit. We describe fundamental technologies for ultrahigh spectral density coherent QAM transmission and present experimental results on polarization-multiplexed 256 QAM coherent optical transmission using heterodyne and homodyne detection with a frequency-stabilized laser and an optical phase-locked loop technique. In this experiment, Raman amplifiers are newly adopted to decrease the signal power, which can reduce the fiber nonlinearity. As a result, the power penalty was reduced from 5.3 to 2.0 dB. A 64 Gbit/s data signal is successfully transmitted over 160 km with an optical bandwidth of 5.4 GHz.

In this paper a public key certification scheme, which protects privacy of user of the public key certificate, is proposed. In the proposed scheme a certification authority issues anonymous public key certificates, with which a certificate user having his/her own secret key can make use of public key cryptography and a certificate verifier can confirm the authenticity of the cryptographic communication of the certificate user. The anonymity of their users is preserved against the verifier. In general, user's activities should not be linked each other from the viewpoint of privacy protection. The use of the same certificate results in the linkage of the cryptographic communications. So, ideally, a certificate should be used only once, and such a certificate is called a one-time certificate. In the proposed scheme one-time certificates are realized with low cost of communication and computation for the certificate user. Multiple certificates can be issued without interaction between CA and the user. The additional computation of the user to obtain a new anonymous public key certificate is one modular exponentiation. In addition, only one secret key is required for multiple certificates. Therefore, the proposed scheme is useful for applications which require anonymity, unlinkability, and efficiency.

Recently Tate pairing and its variations are attracted in cryptography. Their operations consist of a main iteration loop and a final exponentiation. The final exponentiation is necessary for generating a unique value of the bilinear pairing in the extension fields. The speed of the main loop has become fast by the recent improvements, e.g., the Duursma-Lee algorithm and ηT pairing. In this paper we discuss how to enhance the speed of the final exponentiation of the ηT pairing in the extension field F36n. Indeed, we propose some efficient algorithms using the torus T2(F33n) that can efficiently compute an inversion and a powering by 3n + 1. Consequently, the total processing cost of computing the ηT pairing can be reduced by 16% for n=97.

The purpose of this paper is to study sender authenticated key agreements by a third party, which uses the received parameters to verify the fact that a sender of a message knows his long-term private key. In particular, we propose a standard model for the protocol among three entities for the first time. The security of this protocol depends on the difficulty of solving two new problems related to one-way isomorphisms and the decision co-bilinear Diffie-Hellman problem on multiplicative cyclic groups. It is the first time that the security of a key agreement has been formally proven by using negligible probability. We believe that our contribution gives many applications in the cryptographic community.

As the demand for higher transmission rates and spectral efficiency is steadily increasing, the research and development of novel mobile communication systems has gained momentum. This paper focuses on providing a comprehensive survey of research and development activities on fifth generation mobile communication systems in Japan. We try to survey a vast area of wireless communication systems and the developments that led to future 5G systems.

We describe our implementation of the Hypercube variation of the Multiple Polynomial Quadratic Sieve (HMPQS) integer factorization algorithm on a Parsytec GC computer with 128 processors. HMPQS is a variation on the Quadratic Sieve (QS) algorithm which inspects many quadratic polynomials looking for quadratic residues with small prime factors. The polynomials are organized as the nodes of an n-dimensional cube. We report on the performance of our implementations on factoring several large numbers for the Cunningham Project.

ID-SP-M4M scheme means ID-based series-parallel multisignature schemes for multi-messages. In this paper, we investigate series-parallel multisignature schemes for multi-messages and propose an ID-SP-M4M scheme based on pairings in which signers in the same subgroup sign the same message, and those in different subgroups sign different messages. Our new scheme is an improvement over the series-parallel multisignature schemes introduced by Doi et al.[6]-[8] and subsequent results such as the schemes proposed by Burmester et al.[4] and the original protocols proposed by Tada [20],[21], in which only one message is to be signed. Furthermore, our ID-SP-M4M scheme is secure against forgery signature attack from parallel insiders under the BDH assumption.